[issue13647] Python SSL stack doesn't securely validate certificate (as client)

Antoine Pitrou report at bugs.python.org
Fri Dec 23 11:43:08 CET 2011

Antoine Pitrou <pitrou at free.fr> added the comment:

> Antoine, in case it's useful, do you think that it would be possible
> to have something exactly-like the OpenSSL verify command?

Well, to quote the page you mentioned:
“The verify program uses the same functions as the internal SSL and
S/MIME verification, therefore this description applies to these verify
operations too.”

So these checks are exactly the ones performed when using CERT_OPTIONAL
Note that it is cursorily mentioned (or hinted at) at


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list